Data Protection
GDPR: Is your business a Foinavon?
Less than one year from now every business holding (i.e., processing) personal data will have undergone a significant process of internal change or will, more likely than not, be in breach of the GDPR. The change process will have started at the top of the business and will have devolved downwards in the form of training (and other changes). With a considerable amount of work businesses can make the necessary changes. Those businesses that succeed in changing and adapting will […]
GDPR; The Peril of holding data without good title
If you belong to some form of “circulating library” of personal data, less than one year from now you will encounter an excruciating dilemma. Under Article 14 of the GDPR you must notify the data subjects, whose data you have just received, of that fact and of your intentions with regard to the data. If you fail to do that you will be in breach of the Regulation. If you do it, the data subjects may direct you to delete […]
The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) comes fully into effect on 25th May2018. I suggest this soundbite to sum up the GDPR; “Nothing about me without me”. The phrase is not new, it comes most recently from the UK National Health Service in the terms “No decision about me without me”. Under the GDPR, processing of personal data (possession is processing) must be legal; it must be lawful. Each act of processing must be confirmed to be lawful anddocumented. That […]
One Year Plus One Month
There is a revolution coming; in fact it has arrived. The revolution is favourable to persons, to individuals. A person is, in principle, entitled to control of her data. If government or commercial interests wish to use that data they must comply with the General Data Protection Regulation (GDPR). The GDPR is current law and comes into effect on 25th May 2018. That date represents a cliff-edge. That edge has been made more severe due to Brexit. Brexit, as the […]
Application by EFF and DRI in DPC v Facebook and Schrems
On Friday 17th June 2016, McGarr Solicitors attended before Mr. Justice McGovern in the High Court on behalf of Digital Rights Ireland and the Electronic Frontier Foundation, a US non-profit. Counsel applied for leave to file papers to support applications by our clients to be joined as amici curiae in the case of Data Protection Commissioner -v- Facebook Ireland Limited and Maximillian Schrems. The DPC is seeking a reference to the CJEU arising from Mr. Schrems’ complaint regarding the transfer […]
Dept of Health and Data Protection Commissioner files on Individual Health Identifiers
Seeing as everyone is very busy with the election, I thought I’d give you something a bit different to read. So, thanks to an FOI request, please find below the documents details exactly what has and has not been agreed between the Department of Health and the Office of the Data Protection Commissioner in advance of the DPC receiving any complaints from the public. The files raise issues about the appropriateness of the relationship between the Independent regulator and the […]
The Privacy Shield: The deal on EU/US Safe Harbour data that wasn’t there
Yesterday the EU Commission and the US government announced that, having burst past the deadline of Sunday set by Europe’s Data Protection Authorities (collectively called the Art 29 Working Party because that’s how the EU is), they had secured an 11th hour deal on transfers of personal data across the Atlantic. Safe Harbour (and Safe Harbor) was no more, they trumpeted, replaced by something that is spelled the same in English for both parties- The Privacy Shield. These are some […]
Safe Harbour: Irresistible force meets an immovable object
It’s an old Internet joke, but a good one. It takes the form of a transcript of radio communications at sea. The identity of the two sides shifts depending on who’s telling the story- UK and Ireland, Spain and Portugal etc. What stays the same is that a huge military ship from a powerful imperial nation is told by a little nation’s vessel to change course to prevent a collision. It refuses and demands the other party change course. The […]
Misreading Bara: The Irish State’s database crisis
Catherine Murphy TD has done the nation much service in her time in the Dáil. Her most recent efforts to extract information from the State apparatus may have as great an impact as anything she has done. The Social Democrats leader set down a series of Parliamentary questions, asking Ministers if they were aware of the CJEU’s recent Bara judgment and if their Departments had undertaken any database building projects which were effected by it. (Here’s a snappy explainer on […]
HSE has no record of legal advice re Health Identifier scheme
I have previously written about why I think the CJEU’s Bara Judgment makes Section 8 of the underlying Health Identifier Act illegal. (This is the Section that allows the state to try to pool the info they hold on citizens in other databases to populate this new one.) An FOI reply has now been sent on to me about the Individual Health Identifier scheme. I am surprised to see an acknowledgement that, despite the extreme sensitivity in creating a new database […]